?

Log in

Why trusted third party repos. will always be a bad idea - James Antill

Apr. 3rd, 2009

06:37 pm - Why trusted third party repos. will always be a bad idea

Previous Entry Share Next Entry

Comments:

[User Picture]
From:hughsient
Date:April 5th, 2009 07:56 am (UTC)

Completely agree

(Link)
I completely agree with you on this. PackageKit supports catalog files, which are like distro-agnostic versions of OCI files, with the repository adding functionality stripped out. We've also got a clear stance on OCI in the FAQ: http://www.packagekit.org/pk-faq.html#1-click-install
(Reply) (Thread)
From:(Anonymous)
Date:April 20th, 2009 10:56 pm (UTC)

Great summary, but overly anti-ISV?

(Link)
It's a very good summary of the issues, but
it seems to dismiss the "lsb packages in an ISV repository"
case too glibly.

Also, Richard Hughes is on record as saying that supporting
Suse's One Click Install format would be worthwhile
iff the security problems can be worked out
(see http://lists.freedesktop.org/archives/packagekit/2009-March/004573.html )
(Reply) (Parent) (Thread)